Powering up the Router

WarningBlank faceplates and cover panels serve three important functions: they prevent exposure to hazardous voltages and currents inside the chassis; they contain electromagnetic interference (EMI) that might disrupt other equipment; and they direct the flow of cooling air through the chassis. Do not operate the system unless all cards, faceplates, front covers, and rear covers are in place. Statement 1029

CautionDo not press any keys on the keyboard until the messages stop and the SYS LED is solid green. Any keys pressed during this time are interpreted as the first command typed when the messages stop, which might cause the router to power off and start over. It takes a few minutes for the messages to stop.

Note Depending on your installation, some LEDs at the rear of the chassis and on installed modules might also illuminate.

If you encounter a problem during the power up process, see the Troubleshooting documentation on the Cisco.com product page.

Step 3 Use any of the following tools to perform the initial configuration.

Note Cisco recommends using Cisco Configuration Professional Express to perform the initial configuration on the router because it provides a web-based graphical-user interface. See Cisco Configuration Professional Express.

Cisco Setup Command Facility lets you configure the initial router settings through a configuration dialog. If you see the following messages, the router has booted and is ready for initial configuration using the setup command facility.

--- System Configuration Dialog ---At any point you may enter a question mark '?' for help.Use ctrl-c to abort configuration dialog at any prompt.Default settings are in square brackets '[]'.Would you like to enter the initial configuration dialog? [yes/no]:

Cisco Command Line Interface (CLI) lets you configure the initial router settings manually. If you see the following messages, the router has booted and is ready for initial configuration using the CLI. For how to use the CLI to configure the router, see the “Using Cisco IOS CLI—Manual Configuration” section.

Note If the rommon 1> prompt appears, your system has booted in ROM monitor mode. For information on the ROM monitor, see Using the ROM Monitor in the router’s software configuration guide.

Verifying the Front Panel LED Indications

The front-panel indicator LEDs described in Table 1-13 provide power, activity, and status information useful during power up.

Performing the Initial Configuration on the Router

Use the following tools to perform the initial configuration on the router:

Using Cisco Setup Command Facility

The setup command facility prompts you to enter the information that is needed to configure a router quickly. The facility steps you through a initial configuration, including LAN and WAN interfaces. For more general information about the setup command facility, see the following document:

This section explains how to configure a hostname for the router, set passwords, and configure an interface for communication with the management network.

Note The messages that are displayed will vary based on your router model, the installed interface modules, and the software image. The following example and the user entries (in bold) are shown as examples only.

Note If you make a mistake while using the setup command facility, you can exit and run the setup command facility again. Press Ctrl-C, and enter the setup command in privileged EXEC mode (Router#).

Step 1 Enter the setup command facility by using one of the following methods:

From the Cisco IOS CLI, enter the setup command in privileged EXEC mode:

The prompts in the setup command facility vary; depending on your router model, on the installed interface modules, and on the software image. The following steps and the user entries (in bold) are shown as examples only.

Note If you make a mistake while using the setup command facility, you can exit and run the setup command facility again. Press Ctrl-C, and enter the setup command at the privileged EXEC mode prompt (Router#). For more information on using the setup command facility, see The Setup Command chapter in Cisco IOS Configuration FundamentalsCommand Reference, Release 12.2T, http://www.cisco.com/en/US/docs/ios/12_2t/fun/command/reference/122tfr.html

Step 2 To proceed using the setup command facility, enter yes.

Continue with configuration dialog? [yes/no]:At any point you may enter a question mark '?' for help.Use ctrl-c to abort configuration dialog at any prompt.Default settings are in square brackets '[]'.

Step 3 Basic management setup configures only enough connectivity

Would you like to enter basic management setup? [yes/no]: yes

Step 4 Enter a hostname for the router (this example uses myrouter):

Configuring global parameters:Enter host name [Router]: myrouter

Step 5 Enter an enable secret password. This password is encrypted (for more security) and cannot be seen when viewing the configuration.

The enable secret is a password used to protect access toprivileged EXEC and configuration modes. This password, afterentered, becomes encrypted in the configuration.Enter enable secret: cisco

Step 6 Enter an enable password that is different from the enable secret password. This password is not encrypted (and is less secure) and can be seen when viewing the configuration.

The enable password is used when you do not specify anenable secret password, with some older software versions, andsome boot images.Enter enable password: cisco123

Step 7 Enter the virtual terminal password, which prevents unauthenticated access to the router through ports other than the console port:

The virtual terminal password is used to protectaccess to the router over a network interface.Enter virtual terminal password: cisco

Step 8 Respond to the following prompts as appropriate for your network:

Note The interface summary includes interface numbering, which is dependent on the router model and the installed modules and interface cards.

Current interface summaryInterface IP-Address OK? Method Status ProtocolGigabitEthernet0/0 unassigned YES NVRAM administratively down down GigabitEthernet0/1 10.10.10.12 YES DHCP up up GigabitEthernet0/2 unassigned YES NVRAM administratively down down SSLVPN-VIF0 unassigned NO unset up Any interface listed with OK? value "NO" does not have a valid configuration

Step 9 Select one of the available interfaces for connecting the router to the management network:

Enter interface name used to connect to themanagement network from the above interface summary: gigabitethernet0/1

Step 10 Respond to the following prompts as appropriate for your network:

Step 11 Respond to the following prompts. Select [2] to save the initial configuration:

[0] Go to the IOS command prompt without saving this config.[1] Return back to the setup without saving this config.[2] Save this configuration to nvram and exit.Enter your selection [2]: 2Building configuration...Use the enabled mode 'configure' command to modify this configuration.Press RETURN to get started! RETURN

The user prompt is displayed:

myrouter>

Completing the Configuration

When using the Cisco Setup, and after you have provided all the information requested by the facility, the final configuration appears. To complete your router configuration, follow these steps:

Step 1 The facility prompts you to save the configuration.

If you answer no, the configuration information you entered is not saved, and you return to the router enable prompt (Router#). Enter setup to return to the System Configuration Dialog.

If you answer yes, the configuration is saved, and you are returned to the user EXEC prompt (Router>).

Use this configuration? {yes/no} : yesBuilding configuration...Use the enabled mode 'configure' command to modify this configuration.Press RETURN to get started!%LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up%LINK-3-UPDOWN: Interface Ethernet0/1, changed state to up%LINK-3-UPDOWN: Interface Serial0/0/0, changed state to up%LINK-3-UPDOWN: Interface Serial0/0/1, changed state to down%LINK-3-UPDOWN: Interface Serial0/2, changed state to down%LINK-3-UPDOWN: Interface Serial1/0, changed state to up%LINK-3-UPDOWN: Interface Serial1/1, changed state to down%LINK-3-UPDOWN: Interface Serial1/2, changed state to down<Additional messages omitted.>

Step 2 When the messages stop appearing on your screen, press Return to get the Router> prompt.

Note If you see the next message, it means that no other routers were found on the network attached to the port.

Step 3 The Router> prompt indicates that you are now at the command-line interface (CLI) and you have just completed a initial router configuration. Nevertheless, this is not a complete configuration. At this point, you have two choices:

Run the setup command facility again, and create another configuration.

Router> enablePassword: passwordRouter# setup

Modify the existing configuration or configure additional features by using the CLI:

Step 1 Enter the following answer when the system message appears on the router.

--- System Configuration Dialog ---At any point you may enter a question mark '?' for help.Use ctrl-c to abort configuration dialog at any prompt.Default settings are in square brackets '[]'.Would you like to enter the initial configuration dialog? [yes/no]: no

Configuring the Router Hostname

The hostname is used in CLI prompts and default configuration filenames. If you do not configure the router hostname, the router uses the factory-assigned default hostname “Router.”

Do not expect capitalization and lower casing to be preserved in the hostname. Uppercase and lowercase characters are treated as identical by many Internet software applications. It may seem appropriate to capitalize a name as you would ordinarily do, but conventions dictate that computer names appear in all lowercase characters. For more information, see the RFC 1178, Choosing a Name for Your Computer.

The name must also follow the rules for Advanced Research Projects Agency Network (ARPANET) hostnames. They must start with a letter, end with a letter or digit, and have as interior characters only letters, digits, and hyphens. Names must be 63 characters or fewer. For more information, see the RFC 1035, Domain Names—Implementation and Specification.

SUMMARY STEPS

1. enable

2. configure terminal

3. hostname name

4. Verify that the router prompt displays your new hostname.

5. end

DETAILED STEPS

Command or Action

Purpose

Step 1

enable

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2

configure terminal

Router# configure terminal

Enters global configuration mode.

Step 3

hostname name

Router(config)# hostname myrouter

Specifies or modifies the hostname for the network server.

Step 4

Verify that the router prompt displays your new hostname.

myrouter(config)#

—

Step 5

end

myrouter# end

(Optional) Returns to privileged EXEC mode.

Configuring the Enable and Enable Secret Passwords

To provide an additional layer of security, particularly for passwords that cross the network or are stored on a TFTP server, you can use either the enable password command or enable secret command. Both commands accomplish the same thing—they allow you to establish an encrypted password that users must enter to access privileged EXEC (enable) mode.

We recommend that you use the enable secret command because it uses an improved encryption algorithm. Use the enable password command only if you boot an older image of the Cisco IOS software or if you boot older boot ROMs that do not recognize the enable secret command.

Configuring the Console Idle Privileged EXEC Timeout

When you configure the console line, you can also set communication parameters, specify autobaud connections, and configure terminal operating parameters for the terminal that you are using. For more information on configuring the console line, see the Cisco IOS Configuration Fundamentals and Network Management Configuration Guide. In particular, see the “Configuring Operating Characteristics for Terminals” and “Troubleshooting and Fault Management” chapters.

SUMMARY STEPS

1. enable

2. configure terminal

3. line console 0

4. exec-timeout minutes [ seconds ]

5. end

6. show running-config

DETAILED STEPS

Command or Action

Purpose

Step 1

enable

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2

configure terminal

Router# configure terminal

Enters global configuration mode.

Step 3

line console 0

Router(config)# line console 0

Configures the console line and starts the line configuration command collection mode.

Step 4

exec-timeout minutes [ seconds ]

Router(config-line)# exec-timeout 0 0

Sets the idle privileged EXEC timeout, which is the interval that the privileged EXEC command interpreter waits until user input is detected.

The example shows how to specify no timeout. Setting the exec-timeout value to 0 will cause the router to never log out once logged in. This could have security implications if you leave the console without manually logging out using the disable command.

Step 5

end

Router(config)# end

Returns to privileged EXEC mode.

Step 6

show running-config

Router(config)# show running-config

Displays the running configuration file.

Verify that you properly configured the idle privileged EXEC timeout.

Examples

The following example shows how to set the console idle privileged EXEC timeout to 2 minutes 30 seconds:

line console exec-timeout 2 30

The following example shows how to set the console idle privileged EXEC timeout to 10 seconds:

line console exec-timeout 0 10

Configuring Gigabit Ethernet Interfaces

This sections shows how to assign an IP address and interface description to an Ethernet interface on your router.

The Cisco IOS software uses the gateway (router) of last resort if it does not have a better route for a packet and if the destination is not a connected network. This section describes how to select a network as a default route (a candidate route for computing the gateway of last resort). The way in which routing protocols propagate the default route information varies for each protocol.

IP routing is automatically enabled in the Cisco IOS software. When IP routing is configured, the system will use a configured or learned route to forward packets, including a configured default route.

Default Routes

A router might not be able to determine the routes to all other networks. To provide complete routing capability, the common practice is to use some routers as smart routers and give the remaining routers default routes to the smart router. (Smart routers have routing table information for the entire internetwork.) These default routes can be passed along dynamically, or can be configured into the individual routers.

Most dynamic interior routing protocols include a mechanism for causing a smart router to generate dynamic default information that is then passed along to other routers.

Default Network

If a router has an interface that is directly connected to the specified default network, the dynamic routing protocols running on the router will generate or source a default route. In the case of RIP, the router will advertise the pseudonetwork 0.0.0.0. In the case of IGRP, the network itself is advertised and flagged as an exterior route.

A router that is generating the default for a network also may need a default of its own. One way a router can generate its own default is to specify a static route to the network 0.0.0.0 through the appropriate device.

Gateway of Last Resort

When default information is being passed along through a dynamic routing protocol, no further configuration is required. The system periodically scans its routing table to choose the optimal default network as its default route. In the case of RIP, there is only one choice, network 0.0.0.0. In the case of IGRP, there might be several networks that can be candidates for the system default. The Cisco IOS software uses both administrative distance and metric information to determine the default route (gateway of last resort). The selected default route appears in the gateway of last resort display of the show ip route EXEC command.

If dynamic default information is not being passed to the software, candidates for the default route are specified with the ip default-network global configuration command. In this usage, the ip default-network command takes an unconnected network as an argument. If this network appears in the routing table from any source (dynamic or static), it is flagged as a candidate default route and is a possible choice as the default route.

If the router has no interface on the default network, but does have a route to it, it considers this network as a candidate default path. The route candidates are examined and the best one is chosen, based on administrative distance and metric. The gateway to the best default path becomes the gateway of last resort.

Configuring Virtual Terminal Lines for Remote Console Access

Virtual terminal (vty) lines are used to allow remote access to the router. This section shows you how to configure the virtual terminal lines with a password, so that only authorized users can remotely access the router.

Note To verify the number of vty lines on your router, use the line vty ? command.

Step 4

password password

Router(config-line)# password guessagain

Specifies a password on a line.

Step 5

login

Router(config-line)# login

Enables password checking at login.

Step 6

end

Router(config-line)# end

Returns to privileged EXEC mode.

Step 7

show running-config

Router# show running-config

Displays the running configuration file.

Verify that you properly configured the virtual terminal lines for remote access.

Step 8

From another network device, attempt to open a Telnet session to the router.

Router# 172.16.74.3

Password:

Verifies that you can remotely access the router and that the virtual terminal line password is correctly configured.

Examples

The following example shows how to configure virtual terminal lines with a password:

!line vty 0 4 password guessagain login !

What to Do Next

After you configure the vty lines, follow these steps:

(Optional) To encrypt the virtual terminal line password, see the “Configuring Passwords and Privileges” chapter in the Cisco IOS Security Configuration Guide. Also see the Cisco IOS Password Encryption Facts tech note.

(Optional) To secure the VTY lines with an access list, see the “Part 3: Traffic Filtering and Firewalls” in the Cisco IOS Security Configuration Guide.

Configuring the Auxiliary Line

This section describes how to enter line configuration mode for the auxiliary line. How you configure the auxiliary line depends on your particular implementation of the auxiliary (AUX) port. See the following documents for information on configuring the auxiliary line:

Configuring a Modem on the AUX Port for EXEC Dialin Connectivity, tech note

Saving Your Router Configuration

This section describes how to avoid losing your configuration at the next system reload or power cycle by saving the running configuration to the startup configuration in NVRAM. The NVRAM provides 256KB of storage on the router.

SUMMARY STEPS

1. enable

2. copy running-config startup-config

DETAILED STEPS

Command or Action

Purpose

Step 1

enable

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2

copy running-config startup-config

Router# copy running-config startup-config

Saves the running configuration to the startup configuration.

Saving Backup Copies of Configuration and System Image

To aid file recovery and minimize downtime in case of file corruption, we recommend that you save backup copies of the startup configuration file and the Cisco IOS software system image file on a server.

SUMMARY STEPS

1. enable

2. copy nvram:startup-config { ftp: | rcp: | tftp: }

3. show {flash0|flash1}:

4. copy {flash0|flash1}: { ftp: | rcp: | tftp: }

DETAILED STEPS

Command or Action

Purpose

Step 1

enable

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2

copy nvram:startup-config { ftp: | rcp: | tftp: }

Router# copy nvram:startup-config ftp:

Copies the startup configuration file to a server.

The configuration file copy can serve as a backup copy.

Enter the destination URL when prompted.

Step 3

show {flash0|flash1}:

Router# show {flash0|flash1} :

Displays the layout and contents of a flash memory file system.

Learn the name of the system image file.

Step 4

copy {flash0|flash1}: { ftp: | rcp: | tftp: }

Router# copy {flash0|flash1}: ftp :

Copies a file from flash memory to a server.

Copy the system image file to a server to serve as a backup copy.

Enter the filename and destination URL when prompted.

Examples

Copying the Startup Configuration to a TFTP Server: Example

The following example shows the startup configuration being copied to a TFTP server:

The following example shows the use of the show {flash0|flash1}: command in privileged EXEC to learn the name of the system image file and the use of the copy {flash0|flash1}: tftp: privileged EXEC command to copy the system image (c3900-2is-mz) to a TFTP server. The router uses the default username and password.

Note To avoid losing work you have completed, be sure to save your configuration occasionally as you proceed. Use the copy running-config startup-config command to save the configuration to NVRAM.

Verifying the Initial Configuration

Enter the following commands in the Cisco IOS to verify the initial configuration on the router:

show version —Displays the system hardware version; the installed software version; the names and sources of configuration files; the boot images; and the amount of installed DRAM, NVRAM, and flash memory.

show diag —Lists and displays diagnostic information about the installed controllers, interface processors, and port adapters.

show interfaces — Shows interfaces are operating correctly and that the interfaces and line protocol are in the correct state—up or down

show ip interface brief— Displays a summary status of the interfaces configured for IP protocol.

show configuration— Verify that you have configured the correct hostname and password.

When you have completed and verified the initial configuration, the specific features and functions are ready to be configured. See the Cisco 1900 Series, 2900 Series, and 3900 Series Software Configuration Guide.